Skip to content

Releases: OpenCTI-Platform/opencti

Version 6.3.5

04 Oct 13:45
3ba155b
Compare
Choose a tag to compare

Enhancements:

  • #8536 [Backend] Add SAML option to get email from attribute
  • #7255 [Investigation]: Change the "representation" key used in an investigation for an observable of type "File"
  • #4864 Enhance retention policy deletion performances / speed

Bug Fixes:

  • #8568 Not enough margin top in entity => history (search bar hidden)
  • #8520 Indicator valid_until field is not displayed in list view
  • #8514 Different font styles in correlated reports list
  • #8445 English grammar errors in the toggle labels for the "Update a group" panel
  • #8433 [Dashboards] Can't modify dashboards settings even in admin (bypass all cap)
  • #8316 Infinite load is broken in container add entity
  • #8273 Right menu in security is not correctly highlighted when entering roles / users / groups
  • #8249 Update Observable header has wrong color
  • #8174 Multiple issues in markdown content files
  • #8050 Group members are inconsistent and can lead to mistakes on managing RBAC
  • #7634 Cannot search by hashes in knowledge graph
  • #7043 User can merge entities without the full visibility of entities merged
  • #6656 Autocomplete in filters return odd results

Pull Requests:

Full Changelog: 6.3.4...6.3.5

Version 6.3.4

29 Sep 17:48
9754a5e
Compare
Choose a tag to compare

Bug Fixes:

  • #7477 OpenCTI fails to detect successfully authenticated OpenID Connect SSO via ADFS
  • #8512 [livestream] update and removal are not done anymore on destination
  • #7925 OIDC logout remote not working
  • #8451 [Export] Inconsistency in the number of exported entities
  • #8515 [RSS feed] Author set in ingester not applied
  • #8265 Worbench creation pop-up freezes if workbench of same name already exists
  • #8440 Can't remove latitude and longitude of locations in UI

Pull Requests:

New Contributors:

Full Changelog: 6.3.3...6.3.4

Version 6.2.19

29 Sep 16:34
999b02b
Compare
Choose a tag to compare

Bug Fixes:

  • #8512 [livestream] update and removal are not done anymore on destination

Full Changelog: 6.2.18...6.2.19

Version 6.3.3

24 Sep 03:11
1cdea30
Compare
Choose a tag to compare

Bug Fixes:

  • #8451 In global search, the "local" search field should not be displayed (and is not working currently)
  • #8443 Breadcrumb is too high / spacing incorrect
  • #8435 Search bar too high in Customization
  • #8424 MITRE ATT&CK ordering is not applied in the matrix view
  • #8421 Export button is missing in the global search
  • #8419 Playbook position is raising errors float versus int
  • #8414 [Activity log - Filter] Missing value in Activity log filters
  • #8407 User unable to export filtered indicators
  • #8401 Double scrollbars in custom dashboards
  • #8396 Table pagination counter should be rounded to first digit
  • #8394 CTRL-Click is no longer possible on entity tables
  • #8393 Bug/Regression - Bulk edition of status not possible
  • #8280 Loader in knowledge graph should be position at center vertically, not at the top
  • #8274 Missing breadcrumb in multiple entities/objects overview
  • #8241 There are 'Exports lists' in another report (OBSERVABLES in report)
  • #8240 Settings panels not aligned
  • #8162 Search in "Correlation view" is not working
  • #7921 [Dashboard] Date displayed as non-human readable format (timestamp)
  • #7226 Created field not present but required for CSV Mapper

Pull Requests:

New Contributors:

Full Changelog: 6.3.1...6.3.3

Version 6.3.1

18 Sep 06:31
0b50bb2
Compare
Choose a tag to compare

Bug Fixes:

  • #8395 In some very rare cases when a bundle is too large, sending to the queue can end up with "Blocked connection timeout expired.".

Full Changelog: 6.3.0...6.3.1

Version 6.3.0

17 Sep 15:23
558e6c1
Compare
Choose a tag to compare

Dear community, we're excited to announce the launch of OpenCTI 6.3! 🥳

This released has been focused on solving well known pains 🎯 :

  • providing more control & clarity to admins related to the ingestion process
  • improve application usability by making it easier to ingest
  • manipulate data and initiating work toward vulnerability management.

Clarity & control over the ingestion process is a must. Hence the introduction of our feature Integrated feeds Ingestion 🧠*.* More and more of you are ingesting data via “integrated” feeds (TAXII, RSS, CSV), and we've worked to give you greater visibility over the data ingestion flow by representing these feeds in the form of a dedicated connector and by allocating dedicated RabbitMQ queues per ingestion configurations in place of common queues (see our depreciation announcements).

Thanks to this enhancement, you'll be able to identify bottlenecks more quickly and gain real-time insights into your data ingestion flow. 💡

Following up on this pain of providing more control to admins over the ingestion, we have introduced a new capability: bypass custom mandatory fields.

The problem is that your connectors providing you data do no always have a a specific field that you want your analyst to provide, which results in failing the creation of entity. ❌ As a result, thanks to this new capability, you will be able to enforce this custom mandatory attribute only for specific groups of users (your analysts), while allowing others (your connectors) to be able to create data without a specific field. 🔥

As mentioned in introduction, we focused on usability. This is why we introduced a new feature: bulk creation 🥇

  1. Bulk Creation of Entities: For entities that only require a single field, you can now copy and paste a list directly into the platform. This allows for the instant creation of multiple entities at once, eliminating the need for repetitive, step-by-step creation processes.
  2. Bulk Creation of Relations: In addition, we’ve added the ability to create relationships in bulk, even for entities that don’t yet exist in the platform. This powerful feature, adapted from our Analyst Workbench’s "add context" functionality, streamlines the process of building connections between entities.

Together, these features are designed to save you time and enhance your productivity, enabling you to focus on more critical tasks.

Improving app usability means better identification of the data that matters to you 💡

Every organization has unique data needs, even within different entities of the same company. To meet this, we introduce the new Custom Overview per Entity Type feature.

This allows users to customize each entity’s layout, selecting key information "blocks" to prioritize and adjust their size. It makes it easier to quickly spot and focus on critical data.

Usability also comes from having similar functionalities in similar screens across the app.

First of all, we have introduced List views for Threat Actors, Intrusion Sets, Campaigns & Malware, on the top of the existing card view 🪪. This will tremendously help the management of these entities without the need to go in data/entities to manage them.

Massive operations have also been added to all Arsenal entities (Malware, Channels, Tools, Vulnerability), Narratives and Attack Patterns! In this way, the consistency of operations across the application is greatly enhanced.

Last but not least, you will notice one last update that has been heavily worked in order to improve our application usability: New data tables 🎉

When upgrading to our new version, you’ll notice that data table look different: we have upgraded them. As a result, you’ll notice that:

  • the table will introduce proper pagination (size of each page can be defined) in order to improve loading.
  • another long awaited improvement is the ability to resize each columns in order to view long names or values. This would make the usability of our app way better. 🚀
  • Additionally, when clicking on one of the columns title, you’ll enable a quick filter: efficiency is key when dealing with loads of data. ❤️‍🩹
  • Behind the scenes, this new technology reduce our technical debt and enable future use cases that we can’t wait to develop!

As some of you may be aware, we would like to make easier the vulnerability management process in OpenCTI.

The first step to achieve this goal was to extend our Vulnerability model to support EPSS and CISA KEV attributes. Support of these two information were highly requested by the community🔥. Regarding EPSS, an enrichment connector to fill the data has been created too, see below.

Having these fields was not enough, we also added the ability to use them (like other vulnerability fields) in playbook components to help you build your own vulnerability decision tree 🪄.

While files and workbenches are essential, they can contribute to performance issues over time, since documents are piling up in the platform. ❌

Retention Rules for Files and Workbenches: We’ve added configurable retention rules, which are not set by default but can be easily customized. For example, you can implement a one-year policy to automatically delete any file or workbench created over a year ago. This helps prevent outdated data from accumulating and improves overall platform performance. 💯

Administrators have also been heard with an additional feature, or rather a UX improvement. To ease management of dashboard we have also introduce a new tab in the dashboard menu, to be able to view only the public dashboards as list without needing to enter in each dashboard to view the corresponding dashboards.

In terms of integrations, lots of effort has been put to deliver new connectors & improvements of existing connectors.

We already announced it on slack, but during this release, we delivered a new Splunk app 🔥, aiming to:

  • seamlessly ingest indicators through an OpenCTI live stream.
  • Instantly trigger actions in response to alerts and investigate them directly within OpenCTI.

With the OpenCTI Add-on for Splunk, you can leverage comprehensive threat information, improving your ability to detect and respond to security incidents more effectively. More info can be found on : https://splunkbase.splunk.com/app/7485.

To provide more support to our community, we completely refactored the Qradar connector to become an official Filigran support connector. This means that we will be able to provide support on this connector if a bug arise. The refactor has also fixed some known bugs, which are listed in the below list of issues.

Being open source also means ensuring that everybody has the capacity to contribute to our codebase. However, in the past, our readmes & guidelines to contribute in our connector repository were not up to date. We’ve made some effort to update it so that all the documentation is up to date, allowing everybody to bring their own contribution more easily 💪!

As mentioned earlier, we have worked towards helping analysts to perform vulnerability management with OpenCTI. To cater this need, we built an enrichment connector to provide values for EPSS 🤘This connector integrates with the organisation “FIRST” API, aiming to retrieve EPSS values about a specific vulnerability. This enrichment connector is of course playbook compatible 🚀

Some connectors have also been reworked (namely Sekoia, Crowdstrike, Mandiant, AlienVault, Recorded Future, CISA KEV) to support our new scheduling and auto-pausing feature that will pause your connector when its queue gets full.
You’ll see in these connectors new variables "duration_period" & "queue_threshold" that you need to define to enable these features. More details can be found in the respective connector pages.

We also improved the Mandiant connector by providing an option to import aliases of malwares & improve campaigns import. Campaigns import improvement provide more details regarding TTPs (labels, relation with intrusion sets, start & stop time & addition of description). In essence, we’ve made sure that we import as much data as we can.

To list them all, here are all the new connectors delivered in the milestone: Jira, Infloblox, Cisco SMA, Group IB, Cofense. The detailed list of connectors & improvement is available here: ****https://github.com/OpenCTI-Platform/connectors/releases?page=1

On a finish note, we would like to thank you for your contributions 🙏 to our product, that helps making our product better: shmztk, Bonsai8863, Fhwang0926, ParamConstructor, VerboseCat, WolfByttner, brett-fitz, mmolenda, Mathieu4141, annoyingapt, DNRRomero, DinkoReversingLabs, pietrocapece, sari3l, bradchiappetta, debelyoo, uTomasAnderson, leitosama, XGREENi3, sudesh0sudesh, cert-orangecyberdefense, cmandich, obideuce, sda06407, Obdam, piolug93, daemitus, polakovicp, julienloizelet, khalidelborai, Renizmy, curiouspython1!

Of course, a huge thank you to all for your contributions 🥇

We hope this release will please you! Feel free to drop us a note about anything. We’re always happy to get feedback about our product usage, whether it’s to hear that everything works perfectly or to get some improvement ideas to.

Depreciation announcements

The RabbitMQ “push_sync...

Read more

Version 6.2.18

30 Aug 18:08
337f272
Compare
Choose a tag to compare

Bug Fixes:

  • #8129 User overview light theme hidden entities tiles
  • #8116 [CSV Mapper] When having error, "Create" button is disabled
  • #7964 Bulk Search - inconsistent results involving HashedObservable objects
  • #7793 TAXII2 pagination incorrectly sets more to false if MAX_TAXII_PAGINATION > ES_DEFAULT_PAGINATION
  • #7623 [Bulk search] The column ordering doesn't work
  • #6758 [Workbench] Campaign object unrecognized in relationships

Full Changelog: 6.2.17...6.2.18

Version 6.2.17

30 Aug 11:24
c599e1a
Compare
Choose a tag to compare

Bug Fixes:

  • #8205 app.base_path configuration is not working anymore (default empty works fine)
  • #8011 When a user is administrator of an organization, he should be able to manage the users of this organization (enable / disable)
  • #7651 Unable to scroll a large markdown content file in preview mode

Full Changelog: 6.2.16...6.2.17

Version 6.2.16

29 Aug 09:34
5706d91
Compare
Choose a tag to compare

Bug Fixes:

  • #8182 Order of kill chain phases are lost after dataset is updated
  • #8150 [Retention policy] Entities are not deleted
  • #8013 Error when creating a user in my organisation as an organisation administrator
  • #7951 Float values are not exported on csv

Full Changelog: 6.2.15...6.2.16

Version 6.2.15

23 Aug 09:20
738cc69
Compare
Choose a tag to compare

Bug Fixes:

  • #8134 UI Bug: Limited File Display and Missing Scrollbar in File Upload & Import Interfaces
  • #8124 Rule engine list view is crashing (out of memory)
  • #8122 When editing a user administrator of an organization, error is raised
  • #8113 [UI] "Distribution of opinions" is not fully displayed
  • #8053 [Taxonomies] Problem adding aliases to open vocab
  • #7885 History is not correct when you impact the score with a background task
  • #7682 Changing "Organizations" in a user make the page full re-render and close the drawer
  • #7656 Manipulating organizations in the user edit panel is very slow / triggering errors
  • #7559 Diamond model captures scroll action for zooming rather than page scrolling

Pull Requests:

Full Changelog: 6.2.14...6.2.15